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APPLICATION 
FOR 

UNITED STATES LETTERS PATENT 



INTERNATIONAL BUSINESS MACHINES CORPORATION 



METHOD, SYSTEM AND PROGRAM PRODUCTS FOR 
SHARING STATE INFORMATION ACROSS DOMAINS 

TECHNICAL FIELD 

This invention relates, in general, to the 
5 Internet, and in particular, to sharing state 

information across disjoint domains of the Internet. 

BACKGROUND ART 

Most modern applications maintain information 
about its user, such as what the user was doing the 

10 last time the user ran the application or what the 

user preferred for the configuration settings. This 
is extremely useful, since it allows a user to tailor 
the application to the user's own specific needs or 
working habits. The information maintained is 

15 commonly referred to as "state information" . 
Applications that do not maintain this state 
information are considered "stateless". 

The World Wide Web is intrinsically stateless 
because each request for a new Web page is processed 

2 0 without any knowledge of previous pages requested. 
This is because the HTTP protocol that defines the 
formats of the requests and corresponding responses 
does not currently define a mechanism for state 
information to be maintained. Because maintaining 

25 state information is extremely useful, programmers 
have developed a number of techniques to add state 
information to the World Wide Web. These include 
server application programming interfaces (APIs) , 
such as NSAPI and ISAPI, and the use of cookies. 



EN998017 



-1- 



As described by Netscape, cookies are a general 
mechanism used by server side connections (such as 
CGI scripts) to both store and retrieve information 
on the client side of the connection. A server, when 
5 returning an HTTP object to a client, may also send a 
piece of state information which the client will 
store. Included in that state object is a 
description of the range of Uniform Resource Locators 
(URLs) for which that state is valid. Any future 
10 HTTP requests made by the client which fall in that 

range will include a transmittal of the current value 
of the state object from the client back to the 
server. The state object is called a cookie, for no 
compelling reason. 

15 This mechanism provides a powerful tool which 

enables a host of new types of applications to be 
written for web-based environments. A common example 
of an application that uses cookies is a "virtual 
shopping mall". As a user browses through a store of 

20 an on-line shopping mall and decides to purchase 

certain items, those items are added to the user's 
"shopping cart". Specifically, a list of the chosen 
items is kept in the browser's cookie file (i.e., the 
"shopping cart"), so that all of the items can be 

25 paid for when shopping within that particular store 
is complete. 

As stated above, cookies that have been saved by 
the browser will be transmitted on subsequent HTTP 
requests, if the URL associated with the request is 
3 0 in the range of URLs for which the cookie is valid. 
The range of URLs for which the cookie is valid 
depends on what has been specified, by the server 
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side of the connection, for the "domain" and "path" 
attributes associated with the cookie. Netscape 
defines these attributes as follows: 



domain = DOMAIN NAME 



5 When searching the cookie list for valid 

cookies, a comparison of the domain attributes 
of the cookie is made with the Internet domain 
name of the host from which the URL will be 
fetched. If there is a tail match, then the 

10 cookie will go through path matching to see if 

it should be sent. "Tail matching" means that 
the domain attribute is matched against the tail 
of the fully qualified domain name of the host. 
A domain attribute of "acme.com" would match 

15 host names "anvil . acme . com" , as well as 

" shipping . crate . acme . com" . 



Only hosts within the specified domain can 
set a cookie for a domain and domains must have 
at least two (2) or three (3) periods in them to 

20 prevent domains of the form: ".com", ".edu", 

and "va.us". Any domain that falls within one 
of the seven special top level domains listed 
below only require two periods. Any other 
domain requires at least three. The seven 

25 special top level domains are: "COM", "EDU", 

"NET", "ORG", "GOV", "MIL", and "INT". 

The default value of a domain is the host 
name of the server which generated the cookie 
response . 
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path = PATH 



The path attribute is used to specify the 
subset of URLs in a domain for which the cookie 
is valid. If a cookie has already passed domain 
5 matching, then the pathname component of the URL 

is compared with the path attribute, and if 
there is a match, the cookie is considered valid 
and is sent along with the URL request. The 
path "/foo" would match "/foobar" and 
10 H /foo/bar.html ,! . The path "/" is the most 

general path. 



If the path is not specified, it is assumed 
to be the same path as the document being 
described by the header which contains the 
15 cookie. 



As an example, if a browser receives a response 
which contains a cookie with a domain attribute 
having a value of ".ibm.com" and a path attribute 
having a value of "/", all subsequent requests made 
2 0 by the browser, to URLs that have a tail of 

".ibm.com", will contain the cookie. Furthermore, 
any subsequent requests made by that browser, to URLs 
that have a tail other than ibm.com", will not 
contain the cookie. 



2 5 Therefore, cookies are not shared across 

domains. This places limitations on the use of 
cookies. For instance, in the virtual shopping mall 
example described above, the user must check out any 
purchases at each individual store, since there is no 

3 0 way to keep track of the items from one store to 
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another. As another example, since state information 
is not saved across domains, users must re- input 
login information for each domain. A single login is 
not possible. 

5 Based on the foregoing, a need exists for a 

capability that enables the sharing of cookies across 
domains. Further, a need exists for a technique that 
allows a single check out in a virtual shopping mall, 
even when purchasing items from different vendors. 
10 Further, a need exists for a single login capacity. 
A yet further need exists for a capability that 
enables an intermediary application to provide state 
information to a client or a server. 

SUMMARY OF THE INVENTION 

15 The shortcomings of the prior art are overcome 

and additional advantages are provided through the 
provision of a method of sharing state information. 
In one example, the method includes determining state 
information to be shared between a first domain and a 

20 second domain, and then, sharing the state 

information between the first domain and the second 
domain. The first and second domains are non- 
cooperating. 

In one example, the state information is stored 
2 5 within one or more cookies. In a further example, 
the first domain and the second domain are disjoint 
domains . 

In one embodiment, the state information is 
representative of login credentials to be used when 
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accessing the first domain and the second domain. In 
a further embodiment, the state information is 
representative of items to be purchased in an on-line 
virtual shopping mall. The first domain represents a 
5 first vendor of the on-line virtual shopping mall and 
the second domain represents a second vendor of the 
on-line virtual shopping mall. 

Another embodiment of the invention includes a 
method of providing state information. The method 
10 includes, for instance, determining state information 
to be provided to at least one of a client and a 
server, and using an intermediary application to 
provide the state information to at least one of the 
client and the server. 

15 In one example, the state information is added 

to a request for the server. In another example, the 
state information is added to a response for the 
client . 

In yet another example, the state information is 

2 0 provided to the client, and the method further 

includes saving the state information at the client 
for any specified range of Uniform Resource Locators. 
Additionally, in another example, the saved state 
information is saved for one or more other range of 
25 Uniform Resource Locators. 

In a further embodiment of the invention, a 
method of electronic shopping is provided. A 
plurality of items to be purchased is selected 
electronically from a plurality of vendors. The 

3 0 plurality of vendors are represented by a plurality 
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of web sites. The plurality of items are purchased 
on-line via a single check out. 

In one example, the selected plurality of items 
are placed in a shared shopping cart. The shared 
5 shopping cart is shared between the plurality of web 
sites . 



In another aspect of the invention, a system of 
sharing state information is provided. In one 
example, the system includes means for determining 
10 state information to be shared between a first domain 
and a second domain, and means for sharing the state 
information between the first domain and the second 
domain, in which the domains are non- cooperating . 



Another aspect of the invention includes a 
15 system of providing state information. The system 
includes, for instance, means for determining state 
information to be provided to at least one of a 
client and server, and an intermediary application 
adapted to provide the state information to at least 
2 0 one of the client and the server. 



In yet another aspect of the present invention, 
a system of electronic shopping is provided. The 
system includes means for selecting a plurality of 
items to be purchased electronically from a plurality 
2 5 of vendors, wherein the plurality of vendors are 

represented by a plurality of web sites, and means 
for purchasing the plurality of items on-line via a 
single check out. 
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In another aspect of the present invention, an 
article of manufacture including at least one 
computer useable medium having computer readable 
program code means embodied therein for causing the 
5 sharing of state information is provided. The 

computer readable program code means in the article 
of manufacture includes, for instance, computer 
readable program code means for causing a computer to 
determine state information to be shared between a 
10 first domain and a second domain, and computer 

readable program code means for causing a computer to 
share the state information between the first domain 
and the second domain, wherein the domains are non- 
cooperating. 

15 Another aspect of the present invention includes 

an article of manufacture including at least one 
computer useable medium having computer readable 
program code means embodied therein for causing the 
providing of state information. The computer 

20 readable program code means in the article of 

manufacture includes, for instance, computer readable 
program code means for causing a computer to 
determine state information to be provided to at 
least one of a client and a server, and computer 

2 5 readable program code means for causing a computer to 

use an intermediary application to provide the state 
information to at least one of the client and a 
server . 

In another aspect of the present invention, at 

3 0 least one program storage device readable by a 

machine, tangibly embodying at least one program of 
instructions executable by the machine to perform a 
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method of electronic shopping is provided. The 
method includes, for instance, selecting a plurality 
of items to be purchased electronically from a 
plurality of vendors, wherein the plurality of 
5 vendors are represented by a plurality of web sites, 
and purchasing the plurality of items on-line via a 
single check out. 



The present invention advantageously enables the 
sharing of state information across disjoint domains. 

10 This is useful in many contexts. One such context is 
a single login facility. Another such context is a 
virtual shopping mall that allows a user to check out 
only once, even though items may have been selected 
from various vendors within the virtual shopping 

15 mall. 



In addition to the 
enables an intermediary 
information to a client 



above, the present invention 
application to provide state 
and/or one or more servers . 



Additional features and advantages are realized 
2 0 through the techniques of the present invention. 

Other embodiments and aspects of the invention are 
described in detail herein and are considered a part 
of the claimed invention. 



BRIEF DESCRIPTION OF THE DRAWINGS 



2 5 The subject matter which is regarded as the 

invention is particularly pointed out and distinctly 
claimed in the claims at the conclusion of the 
specification. The foregoing and other objects, 
features, and advantages of the invention will be 
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apparent from the following detailed description 
taken in conjunction with the accompanying drawings 
in which: 



FIG. 1 depicts one example of a computing 
5 environment incorporating and using the cross- 

domain sharing capability of the present 
invention; 



FIG. 2 depicts one example of how a proxy 
server can add cookies to a request going to a 
10 Web server, in accordance with the principles of 

the present invention; 

FIG. 3 depicts one example of how a proxy 
server can store cookies at a client, in 
accordance with the principles of the present 
15 invention; 



FIG. 4 depicts one example of how a proxy 
server can cause a browser to save one or more 
cookies for any range of Uniform Resource 
Locators (URLs) , in accordance with the 
2 0 principles of the present invention; 

FIG. 5 depicts one embodiment of how a 
proxy server can, upon receiving an HTTP request 
from a browser, cause the browser to send any 
cookie previously saved for any range of URLs, 
25 in accordance with the principles of the present 

invention; 



FIGs. 6a-6b depict one example of how a 
proxy server can be designed to cause one or 
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more cookies previously saved by a browser for 
one range of URLs to be subsequently saved by 
the browser for one or more other range of URLs, 
in accordance with the principles of the present 
5 invention; 



FIGs 7a- 7b depict one example of how to use 
the cross-domain sharing capability of the 
present invention to solve a single logon 
problem; and 

10 FIGs. 8a-8d depict one example of how to 

use the cross-domain sharing capability of the 
present invention to shop in a "virtual mall" 
and to have a single check out. 



BEST MODE FOR CARRYING OUT THE INVENTION 



15 In accordance with the principles of the present 

invention, a cross-domain sharing capability is 
provided in which state information is shared across 
domains, which are non-cooperating. That is, the 
domains have no knowledge of one another and do not 

20 directly communicate state information between one 
another. In one embodiment, state information 
associated with one or more domains is stored in at 
least one cookie, and that at least one cookie is 
then forwarded to one or more other domains. As used 

25 herein, state information includes any information 
that is saved for later use. 



In one embodiment, the cross-domain sharing 
capability of the present invention is incorporated 
and used in a computing environment, such as the one 
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depicted in FIG. 1. Computing environment 10 0 
includes, for instance, a computer system 102 coupled 
to one or more other computer systems 104 via a 
computer system 106. Each of the computer systems 
5 can include, for example, a personal computer, a work 
station, a laptop computer or any other type of 
computer or system that supports the Internet or the 
World Wide Web. 

In one embodiment, each computer system is 
10 running a Windows 95 operating system offered by 

Microsoft. However, this is only one example. Other 
examples include, but are not limited to, the OS/2 
Operating System offered by International Business 
Machines Corporation, Macintosh, various other 
15 Windows operating systems and UNIX operating systems. 

Computer system 102 includes, for example, a 
client application 108, such as a World Wide Web 
(WWW) browser. Client 108 is coupled to an 
intermediary application 110 (e.g., a proxy server) 

20 on computer system 106 via, for instance, the 

hypertext transfer protocol (HTTP) . Intermediary 
application 110 is further coupled, via HTTP, to 
server applications 112, such as World Wide Web 
servers, on computer systems 104. In one example, 

25 the intermediary application has the attributes of 

being implemented in hardware or software, and being 
between a client and a server. The role of 
intermediary application 110 is described in detail 
further below. 

3 0 The computing environment described above is 

only one example. The capabilities of the present 
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invention can be used within other computing 
environments or with other computer systems without 
departing from the spirit of the present invention. 



In accordance with the principles of the present 
5 invention, intermediary application 110 receives HTTP 
requests from the client and returns HTTP responses 
to the client. The intermediary application also 
sends HTTP requests to a server (such as one or more 
of servers 112) and in turn receives HTTP responses. 
10 The HTTP requests sent to the server and the HTTP 

responses returned to the client are created by the 
intermediary application. Thus, the intermediary 
application has a great deal of control over the 
operation of both the client and the server. 

15 In particular, the intermediary application 

controls the adding of state information to the 
requests and responses such that the state 
information can be shared between different domains. 
The manner in which this is accomplished is described 

20 in detail with reference to FIGs. 2-8d. 

Specifically, FIGs. 2 -6b describe the building blocks 
used by the intermediary application in accomplishing 
cross-domain sharing of state information, and FIGs. 
7-8d depict two examples of how the cross -domain 

25 sharing capability of the present invention is used. 
In the examples described herein, browser is used as 
one example of a client, proxy server is used as one 
example of an intermediary application and WWW server 
is used as one example of a server. These are just 

3 0 examples, however; and the invention is not limited 
to such examples. 
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One of the building blocks of the proxy server 
includes having the proxy server add state 
information that it has for one domain (e.g., 
lotus.com) to a request, received from a browser, for 
5 a server within another domain (e.g., ibm.com) . From 
the perspective of the server receiving the request, 
it will look as if the state information came from 
the browser, even though the receiving server is 
within a disjoint domain from the domain that 
10 provided the state information. One example of how 
this is accomplished is described below with 
reference to FIG. 2. 

Depicted in FIG. 2 is a browser 200, a proxy 
server 202 and various WWW servers 204 (also just 

15 referred to as servers herein) . The arrows indicate 
where a particular request originated and where it 
was received. In this particular example, at 
reference 206, it is shown that proxy server 202 has 
previously received a state of "statel" , which is 

20 associated with URL "http//www. ibm. com/pgm3 . exe" . 

This state information was provided by a server in a 
domain other than that which includes www.ibm.com, 
such as, for example, www.lotus.com, or it was 
generated by the proxy server itself. 

25 Continuing with the example, browser 200 sends a 

request 2 08 to server www.ibm.com via a GET command 
using URL http://www.ibm.com/pgm3.exe. The GET 
command and the format of the URL are based on 
conventional standards, which are known in the art. 

3 0 As one example, URLs are described in detail in The 
World Wide Web Complete Reference , by Rick Stout, 
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McGraw-Hill, Inc., 1996, which is hereby incorporated 
he rein by reference in its entirety. 

Although the request is ultimately for server 
"www.ibm.com", the request is received by proxy 
5 server 202, as shown in FIG. 2 (i.e., the arrow at 

2 08 stops at the proxy server) . At the proxy server, 
a determination is made as to whether there is state 
information associated with this particular URL, 
"http://www.ibm.com/pgm3.exe". In order to make this 

10 determination, the proxy server uses a state table 
maintained by the proxy server. The state table 
includes the URL (e.g., http//www. ibm. com/pgm3 . exe) , 
or at least a part of it, and the state (e.g., 
statel) . When the proxy server receives a request, 

15 it searches the state table to determine if the URL 
of the request matches a URL within the state table. 
If such a match exists, as in this example, then 
there is state information associated with that URL. 

Thus, proxy server 2 02 adds the state 
20 information to request 210, which is to be forwarded 
to the specified server. Specifically, the state 
information is added to the request as a cookie. For 
example, it is added by the following statement: 
Cookie : state=statel . 

25 The request with the state information is then 

forwarded from the proxy server to the server 
www.ibm.com. The server then responds to the request 
by sending response 212, which is received by the 
proxy server. Thereafter, the proxy server sends the 

3 0 response onto the browser via response 214. 
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In the above description, the proxy server adds 
state information, via a cookie, to a request from a 
browser to a Web server. In the following 
description, instead of adding the state information 
5 to the request, the proxy server adds the state 

information, via a cookie, to a response going to the 
browser. This technique is described in detail with 
reference to FIG. 3. 

Similar to FIG. 2, FIG. 3 includes a browser 
10 300, a proxy server 302 and various WWW servers 304. 
In this particular example, at 3 06, the proxy server 
has a state of !I state2" associated with URL 
"http://www.us.gov/pgm4.exe". This state information 
was provided by a domain other than that which 
15 includes the server www.us.gov, or it was generated 
by the proxy server itself. 

Browser 3 00 sends request 3 08, which is for 
server "www.us.gov", to proxy server 3 02. The proxy 
server then sends the request (via 310) onto the 

2 0 appropriate server (i.e., www.us.gov), and that 
server forwards a response 312 back to the proxy 
server. Thereafter, the proxy server forwards 
response 314 onto the browser, instructing the 
browser to save the state information described at 

25 306. 

In particular, the proxy server sends the 
following tag to the browser: Set- 
Cookie : state=state2 . The Set-Cookie tag instructs 
the browser to save the state information associated 
30 with that tag (e.g., state2) until the browser 
session ends, and to send it along with future 
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requests within the range of URL's associated with 
the cookie. Since there was no domain or path 
attribute specified on the Set -Cookie tag in response 
314, the only URL associated with the cookie is 
5 http://www.us.gov/pgm4.exe, as designated in 3 08. 

Subsequently, the browser sends another request 
316. The URL of that request matches the URL 
associated with the cookie, and thus, the state 
information is sent along with the request. In 
10 particular, Cookie : state=state2 is forwarded along 
with the request to the proxy server. 

In this example, when the proxy server receives 
the request, it strips the state information off of 
the request, and then, forwards request 318 to the 
15 proper server. The server sends response 320 to the 
proxy server, which is then forwarded from the proxy 
server to the browser (322) . 

Described above are techniques for enabling a 
proxy server to pass state information onto any 
20 request that it sends to the various WWW servers, and 
to return state information on any response sent back 
to the browser. These techniques although valuable, 
have a couple of restrictions. First, the cookie (s) 
returned on HTTP responses to the browser can be 

2 5 associated with a range of URLs only as wide as all 

URLs that have a tail that matches the tail of the 
URL associated with the HTTP response. For example, 
the cookie in response 314 can only be associated 
with URLs that have a tail of H .us.gov" (although, in 

3 0 this example, there is a further specification that 

the entire URL match, since no domain or path were 
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specified in the tag). Second, the cookie (s) added 
to each HTTP request sent to a WWW server, will only 
be sent to the WWW server that is the target of the 
request and not other WWW servers. 

5 In order to eliminate the above restrictions, 

the cross-domain sharing capability of the present 
invention includes further techniques. For example, 
a technique is provided, in accordance with the 
principles of the present invention, in which the 

10 proxy server causes the browser to save state 

information for any range of URLs. That is, the 
browser can save state information that has not been 
associated by the proxy server with any specific URL 
or any range of URLs. One example of such a 

15 technique is described below with reference to FIG. 
4 . 



FIG. 4 includes a browser 400, a proxy server 
402, and various WWW servers 404. Proxy server 402 
has a state of "statel" that it wishes to give to 

20 browser 400 (4 06) . The proxy server has not 

associated the state with any particular URL or range 
of URLs. In order for the proxy server to give the 
state information to the browser, the proxy server 
must somehow provide the browser with this 

2 5 information in a response going to the browser. 

Thus, response 408 is being sent to the browser for a 
request that was previously made by the browser, but 
not shown in the figure. 



At 4 08, the proxy server sends a response to the 
30 browser, which includes a response code of 302 Moved 
Temporarily (also referred to as a temporary 
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redirection response code) . The response code of 3 02 
indicates to the browser that the URL that it 
previously requested has temporarily moved to the 
location specified in "Location:...". In the example 
5 of FIG. 4, the new location is 

" http : // stored, cookie . com/?set__cookie_state= 
statel&real_url=. . . » . The previously requested URL 
is saved in the M real_url= . . . " parameter of the 
"Location:" mime data. 



10 The Moved Temporarily response code causes the 

browser to reissue request 410 for the new location. 
The proxy server receives the new request and 
determines by the "set_cookie_" parameter of the URL 
that this request is one for which cookies should be 

15 returned. It also determines that the request needs 
to be redirected to the URL specified by the 
"real_url=. . . " parameter. 

Thus, the proxy server sends another 3 02 Moved 
Temporarily response 412 to the browser. This 

20 response includes, in the "Location:..." mime data, 
the URL of the original request, as specified by 
real_url (not shown) . It also associates the cookie 
"state=statel" with the domain "stored.cookie.com", 
which is the host name of the server specified in 

25 request 410. Thereafter, the original request 414 is 
resubmitted. 



By using the above technique, the proxy server 
can set a cookie for a fixed location, e.g., 
stored.cookie.com. The domain stored.cookie.com is 
3 0 thus, associated with statel. 
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In addition to the above, the proxy server can 
cause the browser to send any state information 
previously saved for any range of URLs. That is, at 
any point, the proxy server can retrieve a cookie 
5 from a fixed location of the browser. One example of 
this technique is described in detail with reference 
to FIG. 5. 



At 506, proxy server 502 wishes to see what was 
previously saved at the fixed location, 

10 stored.cookie.com. Thus, in response to a previous 
request sent by the browser (not shown) , the proxy 
server sends a 302 Moved Temporarily response 508 to 
browser 500 requesting that the browser issue a 
request for a URL that has "stored. cookie . com" as the 

15 host name. This 302 response includes the Location 

mime data used to specify this URL. It also includes 
the "real_url=. . . " parameter used to save the URL of 
the original request. 

When browser 500 receives the Moved Temporarily 
2 0 response code, it forwards request 510 to the proxy 
server for the URL that has "stored.cookie.com" as 
the host name. Along with this request, the browser 
sends the associated cookie, Cookie : state=statel . 
Thus, when the proxy server receives the request and 
25 sees the "get_cookie_" token, it realizes that it 

should check for the presence of cookies. When the 
proxy server checks, it learns that the value of 
state is statel. 



Thereafter, the proxy server sends another 3 02 
3 0 Moved Temporarily response code in response 512 to 
browser 500 instructing the browser to resend its 
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original request, which is specified in the 
f, real_url" parameter. Thus, the browser resends the 
original request in request 514. 

In addition to the above techniques, the present 
5 invention provides for a technique in which the proxy 
server can cause state information previously saved 
by the browser for one range of URLs (e.g., 
"http://stored.cookie.com/ 11 ) to be subsequently saved 
by the browser for one or more other range of URLs 
10 (e.g., a URL with a tail of ". ibm.com" or ".us.gov"). 
This technique uses a combination of the designs 
described above with reference to figures 4 and 5. 
One example of this technique is described below with 
reference to FIGs. 6a-6b. 

15 As in the other figures, each of FIGs. 6a-6b 

includes a browser 6 00, a proxy server 6 02 and 
various WWW servers 604. At 606 of FIG. 6a, a cookie 
of "state=statel" has already been associated with a 
URL of "http://stored.cookie.com/". 

2 0 Browser 600 sends a request 608 to proxy server 

602, which specifies a URL that has a host name of 
www.ibm.com. In response to request 608, proxy 
server 602 sends response 610 to the browser. 
Response 610 includes a 3 02 Moved Temporarily 
25 response code requesting the browser to resubmit the 
request for a new location, which has a host name of 
"stored.cookie.com". (Response 610 is similar to 
response 508 of FIG. 5, which is described above.) 

Thereafter, the browser resubmits the request at 

3 0 612 and presents the state information that is 
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associated with the URL having a host name of 
stored.cookie.com. In particular, 

Cookie : state=statel is forwarded to the proxy server. 
(Request 612 is similar to request 510 (FIG. 5) , 
5 described above . ) 

Next, the proxy server sends another 3 02 
response 614 to the browser instructing the browser 
to resubmit a request with a URL that is an extension 
of that contained in the original request. The 302 
10 response is used so that the proxy server will have 
an opportunity, in the response to the new request, 
to forward cookies to the browser, as described 
below. 

After receiving the response from the proxy 
15 server, the browser forwards new request 616 to the 
proxy server. This new request includes a 
"set_cookie_" token that indicates to the proxy 
server that this is a URL for which a cookie should 
be returned. In this example, Cookie : act ion=checking 
20 is also present, but is ignored, since the 

"set_cookie_" token is present in the URL associated 
with the request . 

Once again, at 618, the proxy server responds 
with a 3 02 Moved Temporarily response code 
25 instructing the browser to resubmit the original 
request and to associate the cookie in Set- 
Cookie : state=statel with ".ibm.com/". 

Thus, the browser forwards request 62 0 to the 
proxy server. In this example, the request includes 
30 Cookie : action=checking, which is used to inform the 
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proxy server that the redirection to URL 
"http : / / stored. cookie . com/?get_cookie=true&real_url= . 
-." has already been performed (i.e., via response 
610) . Therefore, the proxy server is to forward the 
5 request to the appropriate WWW server. 

The proxy server sends request 622 to the 
www.ibm.com server, after stripping off the 
action=checking cookie. The request includes the 
Cookie : state=statel that has now been associated with 
10 the ibm.com domain, as described above. 

The www.ibm.com server sends response 624 to the 
proxy server, and the proxy server forwards that 
response onto the browser at 626. Additionally, the 
proxy server clears the "action=" cookie by using an 
15 expires attribute with a date in the past (e.g., Jan 
1970) . 

In the above example, the state=statel 
information that was previously saved by the browser 
for the "http: //stored. cookie. com/" URL has 
2 0 subsequently been saved for another range of URLs 
specifically URLs with a tail of ibm.com. In the 
above example, requests and responses 614 through 62 0 
are similar to requests and responses 408 through 414 
of FIG. 4, which are described in detail above. 

25 FIG. 6b is similar to FIG. 6a except that the 

cookie associated with "http: //stored, cookie . com/ 1 ' is 
stored for all URLs with a tail of ".us.gov", instead 
of all URLs with a tail of ".ibm.com". In 
particular, requests and responses 630 through 648 
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are similar to requests and responses 608 through 626 
of FIG. 6a. 

Described above are various techniques used by a 
proxy server to enable the sharing of state 
5 information, and in particular, the sharing of 
cookies across disjoint domains. One specific 
example of how the cross-domain sharing capability of 
the present invention is used is described in detail 
below with reference to FIGs. 7a-7b. These figures 

10 depict an example of using the present invention to 
solve a single login problem. The problem solved is 
how to send a single set of credentials (including a 
userid and password pair, for example) to multiple 
WWW servers without prompting the user to specify the 

15 credentials for each different WWW server. 

Referring to FIG. 7a, request 706 is sent by 
browser 700 for URL "http://www.ibm.com/pgml.exe". 
Since there have been no credentials associated with 
this URL yet, none are sent in the request header. 
2 0 Proxy server 702 forwards the request to the 

appropriate WWW server 704, as shown in 708. The WWW 
server receives the request and returns response 710, 
which contains a 401 unauthorized response code, 
since no credentials were supplied in the request 

2 5 header. The proxy server receives this response and 

converts it to a response with a response code of 200 
and data that represents an HTML page, which contains 
an HTML Form element with fields for the user to 
supply its single login userid and password. 

3 0 As a result of the user submitting the form, the 

browser sends POST request 714 containing the userid 
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and password. Request 714 also includes host name 
"stored. cookie . com" , which was obtained from the HTML 
data entered at 712. Upon receiving the request, the 
proxy server associates a random number, called 
5 randoml in this example (716) , and sends response 718 
to the browser. Response 718, as well as requests 
and responses 720 through 724 are similar to requests 
and responses 408 through 414 (FIG. 4), described 
above. However, in the particular example of FIG. 

10 7a, two cookies are saved. In particular, the cookie 
"random=randoml is saved for both the URL 
"http://stored.cookie.com/" (at 718) and for all URLs 
with a tail of » .ibm.com" (at 722). At 724, the 
"random=randoml" cookie is sent by the browser, since 

15 the request is associated with a URL that has a tail 
of " . ibm. com" . 



When the proxy server receives request 724, the 
proxy server replaces the "random= randoml " cookie 
with the credentials (e.g., userid and password) 
20 associated at 716 with randoml, and sends request 730 
(FIG. 7b) to the appropriate WWW server. If the 
credentials are valid, the WWW server returns 
response 732 to the proxy server, with a response 
code of 200 (OK) . 



25 Thereafter, the proxy server sends response 734 

to the browser. At some point in the future, but 
within the same session, the browser sends request 
736. The cookie "random= randoml" is not sent because 
the URL does not have a tail of ".ibm.com", instead, 

3 0 it has a tail of " . lotus . com" . When the proxy server 
receives request 738, it attempts to retrieve the 
"random=" cookie by returning response 73 8 to the 
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browser. This response contains a redirection to the 
URL for which the "random=" cookie should be 
associated, namely the URL 

" http: //stored. cookie. com/ " . Requests and responses 
5 74 0 through 746 are performed to associate the 

"random=" cookie, currently saved by the browser, 
with all URLs which have a tail of " .lotus.com" . 

As a result of the above, request 748, when sent 
by the browser, contains the ,, random=" cookie. When 

10 the proxy server receives request 74 8, the proxy 

server replaces the " random=randoml n cookie with the 
credentials (e.g., userid and password) associated 
(via step 716) with randoml, and sends request 750 to 
the appropriate WWW server. If the credentials are 

15 valid, the WWW server returns to the proxy server a 
response with a response code of 200 (OK) (not 
shown) . The proxy server would then in turn forward 
this response to the browser. 

In the above example, the "random=" cookie is 
20 saved for all URLs that have a tail of " .ibm.com" (at 
722) and for all URLs that have a tail of 
".lotus.com" (at 746). However, in another example, 
the cookie could have been saved for only the 
specific URLs that need authorization. This would 
25 require the proxy server to use a database listing 
the URLs. 

Throughout the above example, the user is only 
prompted once for the user's credentials (at 712), 
even though the credentials are sent to two WWW 
3 0 servers with different tails, namely the server 

"www.ibm.com" and the server "private.lotus.com". 
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This demonstrates a solution to the single login 
problem. 

Another example in which the cross-domain 
sharing capability of the present invention is used 
5 is in a virtual on-line shopping mall. In accordance 
with the principles of the present invention, items 
from different vendors are added to a single 
"shopping cart", such that the purchaser only has to 
check out once, even though items from different 
10 vendors are being purchased. One example of using 
the present invention for the virtual shopping mall 
is described below with reference to FIGs. 8a-8d. 

As with the other figures, each of FIGs. 8a-8d 
depicts a browser 800, a proxy server 802 and various 
15 WWW servers 804. In this example, the user has been 
surfing the World Wide Web, and has decided to 
purchase an Aptiva from IBM. 

Thus, a request 806 is sent by browser 800 for 
URL "http : //www. ibm. com/online . exe?purchase=Aptiva" , 

2 0 which, for the purposes of this example, is the 

result of a user specifying that the user would like 
to order an Aptiva. When the proxy server receives 
the request, there is no "action=" cookie, and thus, 
the proxy server determines whether any items have 
25 been placed in the "shopping cart" that is shared 
between vendors. In this example, the shared 
"shopping cart" is any cookies saved for URL 
"http : //stored . cookie . com/ " . 

To determine whether any items have been placed 

3 0 in the shopping cart, the proxy server sends response 
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808 to the browser. Since request 810, which is in 
response to 808, does not contain any cookies, the 
proxy server knows that the "shopping cart" is empty. 
Therefore, proxy server 802 sends response 812 to 
5 redirect the browser to the URL that was originally 
specified in request 806. 

When the proxy server receives request 814, it 
knows from the "action^" cookie that it does not have 
to check the shopping cart, and thus, it just 

10 forwards the request to the appropriate WWW server as 
request 816. After the server receives request 816, 
it sends response 818 back to the proxy server. This 
response contains a cookie ( "purchases=Aptiva" ) that 
is to be added to the "shopping cart" for URL 

15 "http : //www. ibm. com/online . exe?purchase=Aptiva" . 

After receiving response 818 from the WWW 
server, the proxy server creates a temporary file, 
named Filel, and adds the details of response 818 to 
this file. The proxy server then sends response 820 

2 0 to the browser. 

Response 820 uses temporary redirection in order 
to set up the saving of the n purchases=Aptiva" cookie 
in the shared "shopping cart". Additionally, 
response 820 includes a cookie, "result=Filel" , that 
25 is to be stored for URL 

"http : //www. ibm . com/online . exe?purchase=Aptiva !? . 
This cookie will eventually be used by the proxy 
server, as described further below. Response 820 
also includes the "purchases=Aptiva" cookie so that 

3 0 the browser will save and associate this cookie with 

URL n http : / / www . ibm . com/online . exe ?purchase=Apt iva " , 
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just as if there was no shared "shopping cart". As 
described above, the cookie is associated with that 
particular URL based on request 814. Further, 
response 820 instructs the browser to reissue the 
5 request with URL 

"stored. cookie . com/?set_cookie_purchase=Aptiva" . 

Thus, request 83 0 (FIG. 8b) is sent from the 
browser to the proxy server for the domain 
stored.cookie.com. Request 830 and response 832 are 

10 used to store into the shared "shopping cart", and to 
redirect the browser to the original URL (i.e., the 
URL of request 806) . Requests and responses 834 
through 83 8 are similar to the requests and responses 
806 through 810, except this time, a cookie is stored 

15 in the shared "shopping cart". Thus, the cookie is 
sent in request 838. 

When the proxy server receives request 83 8 and 
notices that there is a cookie in the shared 
"shopping cart", it sends response 840 to the 

20 browser. Response 840, request 842 and response 844 
are used to save a copy of this cookie (from the 
shared "shopping cart") to the original URL (i.e., 
the URL of request 806) . Note that request 842 
includes both an "action=" cookie and a "set_cookie_" 

25 tag, and thus, the proxy server ignores the "action=" 
cookie and performs actions based on the 
"set_cookie_" tag, instead. In this example, the 
Aptiva would be in the "shopping cart" of the 
original URL twice, and it would be up to the WWW 

3 0 server to take care of the duplication. In another 
example, the proxy server, for instance, could make 
sure that the item is not added twice. 
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Request 850 (FIG. 8c) is used to send the 
original request to the proxy server. When the proxy 
server receives request 850, it notices that the 
"result=Filel" cookie is present so it retrieves the 
5 contents of file "Filel" and returns response 852 
with the contents of this file. The proxy server 
then erases file "Filel". Response 852 contains the 
,! result= n cookie with a date in the past. This is 
used to instruct the browser to delete the "result = lf 
10 cookie that has previously been saved for URL 

"http : //www. ibm. com/online . exe?purchase=Aptiva" . The 
same is done for the ,f action= n cookie. 

Requests and responses 854 through 872 show what 
happens when the user orders Lotus Notes from the 

15 Lotus WWW server. When the proxy server receives 

request 854, since there is no "action=" cookie, the 
proxy server determines whether any items have been 
placed in the "shopping cart". To make this 
determination, the proxy server sends response 856. 

2 0 The subsequent request 858 sent by the browser does 
contain a cookie (namely, "www. ibm. com_purchases== 
Aptiva"), so the proxy server knows that the shared 
"shopping cart" is not empty. 

Therefore, response 860, request 8 62 and 
25 response 8 64 are used to save a copy of this cookie 

(from the shared "shopping cart") to the original URL 
(i.e., the URL of request 854). As a result, when 
the browser sends request 870 (FIG. 8d) , the cookies 
sent include the cookie saved in the shared "shopping 
30 cart" (i.e., www. ibm. com_purchases=Aptiva" ) . When 

the proxy server receives request 870, it knows that 
it need not check the shopping cart, since the 
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n action=" cookie is present. Thus, the proxy server 
sends request 872 to the appropriate WWW server and 
includes the cookie saved in the shared "shopping 
cart". Therefore, in accordance with the principles 
5 of the present invention, the cookie in the shared 
"shopping cart" that was added as a result of the 
user purchasing an item on the "www.ibm.com" server 
can be presented to a server, namely "www.lotus.com", 
which does not have a tail of ".ibm.com". 

!0 In the above shopping mall example, whenever the 

user is finished making the purchases, the user can 
check out at the last vendor. The last vendor will 
be provided with all of the purchases made from any 
of the vendors in the shopping mall. This shopping 

15 trip can last for hours or even days. 

Described in detail above are techniques used to 
enable the sharing of state information across 
disjoint domains (e.g., www.ibm.com and 
www.lotus.com). The state information is stored, for 
20 instance, in HTTP cookies, which are shared across 
the domains. In order to accomplish the sharing, a 
proxy server is used. 

The proxy server receives HTTP requests from a 
browser and returns HTTP responses. The proxy server 

2 5 also sends HTTP requests to a WWW server and in turn 

receives HTTP responses. The HTTP requests sent to 
the WWW server and the HTTP responses returned to the 
browser are created by the proxy server, so the proxy 
server has a great deal of control over the operation 

3 0 of both the browser and the WWW server. 
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In summary, the present invention allows for 
cookies to be shared across disjoint domains through 
the use of one or more of the following techniques: 



1- Since the proxy server has control of the 
HTTP requests sent to each WWW server, the 
proxy server can add it 1 s state 
information, as one or more cookies, to the 
request headers. From the perspective of 
each WWW server, it will look as if the 
cookie had come from the browser, even 
though the WWW servers are within disjoint 
domains . 



2 . Since the proxy server has control of the 
HTTP responses sent to the browser, the 

15 proxy server can add state information, as 

one or more cookies, to the response 
headers. The browser will, for each 
response, save the cookie (s) for the range 
of URLs specified. From the perspective of 

20 the browser, it will look as if the same 

cookie had come from the appropriate WWW 
server . 



3. The proxy server, upon receiving an HTTP 

request from the browser, can return to the 

25 browser an HTTP response that contains a 

response code of 3 02 (Moved Temporarily) , 
one or more cookies, and a Location tag 
that specifies a Uniform Resource Locator 
(URL) . Upon receiving this type of 

3 0 response, the browser will save the 

cookie (s) for the range of URLs specified 
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and will, in response to the "Moved 
Temporarily" response code, send an HTTP 
request to the proxy server where the URL 
associated with the request is that 
specified in the Location tag of the 
previous response . 

Upon receiving this new HTTP request from 
the browser, the proxy server will respond 
once again with an HTTP response. This 
HTTP response can also contain a response 
code of 3 02, along with one or more cookies 
in the response header. By using this 
technique, the proxy server can, upon 
receiving any HTTP request from the 
browser, cause the browser to save one or 
more cookies for any range of URLs. 

4. The proxy server, upon receiving an HTTP 

request from the browser, can return to the 
browser an HTTP response that contains a 
response code of 3 02 (Moved Temporarily) 
and a Location tag that specifies a Uniform 
Resource Locator (URL) . Upon receiving 
this type of response, the browser will, in 
response to the "Moved Temporarily" 
response code, send an HTTP request to the 
proxy server where the URL associated with 
the request is that specified in the 
Location tag of the previous response. If 
the URL associated with this new request is 
within the range of URLs for which cookies 
have been previously saved, the appropriate 
cookies will be sent in the request header. 
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By using this technique, the proxy server 
can, upon receiving any HTTP request from 
the browser, cause the browser to send any 
cookie previously saved for any range of 
5 URLs . 



By combining techniques 3 and 4 above, the proxy 
server can cause one or more cookies previously saved 
by the browser for one range of URLs to be 
subsequently saved by the browser for one or more 
10 other range of URLs, in accordance with the 
principles of the present invention. 

The present invention can be included in an 
article of manufacture (e.g., one or more computer 
program products) having, for instance, computer 

15 useable media. The media has embodied therein, for 
instance, computer readable program code means for 
providing and facilitating the capabilities of the 
present invention. The article of manufacture can be 
included as a part of a computer system or sold 

20 separately. 

Additionally, at least one program storage 
device readable by a machine, tangibly embodying at 
least one program of instructions executable by the 
machine to perform the capabilities of the present 

2 5 invention can be provided. 

The flow diagrams depicted herein are just 
exemplary. There may be many variations to these 
diagrams or the steps (or operations) described 
therein without departing from the spirit of the 

3 0 invention. For instance, the steps may be performed 
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in a differing order, or steps may be added, deleted 
or modified. All of these variations are considered 
a part of the claimed invention. 

Although preferred embodiments have been 
5 depicted and described in detail herein, it will be 
apparent to those skilled in the relevant art that 
various modifications, additions, substitutions and 
the like can be made without departing from the 
spirit of the invention and these are therefore 
10 considered to be within the scope of the invention as 
defined in the following claims. 
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CLAIMS 



What is claimed is: 

1 1. A method of sharing state information, said 

2 method comprising: 

3 determining state information to be shared 

4 between a first domain and a second domain; and 



5 sharing said state information between said 

6 first domain and said second domain, wherein 

7 said first domain and said second domain are 

8 non-cooperating. 

1 2. The method of claim 1, wherein said state 

2 information is stored within one or more cookies. 

1 3. The method of claim 1, wherein said first 

2 domain and said second domain are disjoint domains. 

1 4. The method of claim 1, wherein said sharing 

2 comprises: 

3 adding state information of said first 

4 domain to a request to be sent to said second 

5 domain; and 

6 sending said request, including said state 

7 information, to said second domain. 
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1 5. The method of claim 4, wherein said sharing 

2 further comprises receiving, by an intermediary 

3 application, said request from a client prior to said 

4 adding, and wherein said adding and said sending are 

5 performed by said intermediary application. 

1 6. The method of claim 1, wherein said sharing 

2 comprises: 

3 adding state information of said first 

4 domain to a response associated with said second 

5 domain; and 

6 sending said response, including said state 

7 information, to a client. 

1 7. The method of claim 6, wherein said sharing 

2 further comprises saving said state information at 

3 said client, wherein said state information is saved 

4 for a specified range of Uniform Resource Locators 

5 associated with said second domain. 

1 8. The method of claim 1, wherein said sharing 

2 is controlled by an intermediary application. 
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1 9. The method of claim 1, wherein said state 

2 information is representative of at least one of the 

3 following: 

4 (a) login credentials to be used when 

5 accessing said first domain and said second 

6 domain; and 

7 (b) items to be purchased in an on-line 

8 virtual shopping mall, wherein said first domain 

9 represents a first vendor of said on-line 

10 virtual shopping mall and said second domain 

11 represents a second vendor of said on-line 

12 virtual shopping mall. 
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1 

2 



10. A method of providing state information, 
said method comprising: 



3 determining state information to be 

4 provided to at least one of a client and a 

5 server; and 

6 using an intermediary application to 

7 provide said state information to at least one 

8 of said client and said server. 

1 11. The method of claim 10, wherein said using 

2 comprises: 

3 receiving, by said intermediary 

4 application, a request from said client; and 

5 sending a response to said request from 

6 said intermediary application to said client, 

7 said response including said state information. 

1 12. The method of claim 10, wherein said state 

2 information is provided to said client, and wherein 

3 said method further comprises saving said state 

4 information at said client for any specified range of 

5 Uniform Resource Locators. 

1 13. The method of claim 12, further comprising 

2 forwarding said state information saved at said 

3 client to said intermediary application. 

1 14. The method of claim 12, further comprising 

2 saving said state information for one or more other 

3 range of Uniform Resource Locators. 
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1 15. The method of claim 10, wherein said using 

2 comprises adding said state information to a request 

3 for said server. 

1 16. The method of claim 10, wherein said using 

2 comprises adding said state information to a response 

3 for said client. 

1 17. The method of claim 16, further comprising 

2 saving, by said client, said state information for a 

3 specified range of Uniform Resource Locators. 
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2 



18. A method of electronic shopping, said 
method comprising: 



3 selecting a plurality of items to be 

4 purchased electronically from a plurality of 

5 vendors, said plurality of vendors being 

6 represented by a plurality of web sites; and 

7 purchasing said plurality of items on-line 

8 via a single check out. 

1 19. The method of claim 18, further comprising 

2 placing said selected plurality of items in a shared 

3 shopping cart, said shared shopping cart being shared 

4 between said plurality of web sites. 

1 20. The method of claim 19, wherein said shared 

2 shopping cart comprises one or more cookies 

3 representing said plurality of items to be purchased. 

1 21. The method of claim 19, wherein said 

2 placing is controlled by an intermediary application 

3 coupled to said web sites. 
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1 22. A system of sharing state information, said 

2 system comprising: 

3 means for determining state information to 

4 be shared between a first domain and a second 

5 domain; and 

6 means for sharing said state information 

7 between said first domain and said second 

8 domain, wherein said first domain and said 

9 second domain are non- cooperating . 

1 23. The system of claim 22, wherein said state 

2 information is stored within one or more cookies. 

1 24. The system of claim 22, wherein said means 

2 for sharing comprises: 

3 means for adding state information of said 

4 first domain to a request to be sent to said 

5 second domain; and 

6 means for sending said request, including 

7 said state information, to said second domain. 

1 25. The system of claim 24, further comprising 

2 an intermediary application adapted to receive said 

3 request from a client prior to said adding, and 

4 adapted to add said state information to said request 

5 and to send said request. 



EN998017 



-42- 



1 26. The system of claim 22, wherein said means 

2 for sharing comprises: 

3 means for adding state information of said 

4 first domain to a response associated with said 

5 second domain; and 

6 means for sending said response, including 

7 said state information, to a client. 

1 27. The system of claim 26, wherein said client 

2 is adapted to save said state information for a 

3 specified range of Uniform Resource Locators 

4 associated with said second domain. 

1 28. The system of claim 22, wherein said means 

2 for sharing comprises an intermediary application. 

1 29. The system of claim 22, wherein said state 

2 information is representative of at least one of the 

3 following: 

4 (a) login credentials to be used when 

5 accessing said first domain and said second 

6 domain; and 

7 (b) items to be purchased in an on-line 

8 virtual shopping mall, wherein said first domain 

9 represents a first vendor of said on-line 

10 virtual shopping mall and said second domain 

11 represents a second vendor of said on-line 

12 virtual shopping mall. 
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1 30. A system of providing state information, 

2 said system comprising: 

3 means for determining state information to 

4 be provided to at least one of a client and a 

5 server; and 

6 an intermediary application adapted to 

7 provide said state information to at least one 

8 of said client and said server. 

1 31. The system of claim 30, wherein said 

2 intermediary application is further adapted to: 

3 receive a request from said client; and 

4 send a response to said request to said 

5 client, said response including said state 

6 information . 

1 32. The system of claim 30, wherein said state 

2 information is provided to said client, and wherein 

3 said client is adapted to save said state information 

4 for any specified range of Uniform Resource Locators. 

1 33. The system of claim 32, further comprising 

2 means for forwarding said state information saved at 

3 said client to said intermediary application. 

1 34. The system of claim 32, further comprising 

2 means for saving said state information for one or 

3 more other range of Uniform Resource Locators. 
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1 35. The system of claim 30, wherein said 

2 intermediary application is adapted to add said state 

3 information to a request for said server. 

1 36. The system of claim 30, wherein said 

2 intermediary application is adapted to add said state 

3 information to a response for said client. 

1 37. The system of claim 36, wherein said client 

2 is adapted to save said state information for a 

3 specified range of Uniform Resource Locators. 



EN998017 



-45- 



1 

2 



38. A system of electronic shopping, said 
system comprising: 



3 means for selecting a plurality of items to 

4 be purchased electronically from a plurality of 

5 vendors, said plurality of vendors being 

6 represented by a plurality of web sites; and 

7 means for purchasing said plurality of 

8 items on-line via a single check out. 

1 39. The system of claim 38, further comprising 

2 a shared shopping cart adapted to receive said 

3 selected plurality of items, said shared shopping 

4 cart being shared between said plurality of web 

5 sites. 



1 40. The system of claim 39, wherein said shared 

2 shopping cart comprises one or more cookies 

3 representing said plurality of items to be purchased. 

1 41. The system of claim 39, further comprising 

2 an intermediary application coupled to said plurality 

3 of web sites, said intermediary application adapted 

4 to associate said selected plurality of items with 

5 said shared shopping cart . 
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1 42. An article of manufacture, comprising: 

2 at least one computer useable medium having 

3 computer readable program code means embodied 

4 therein for causing the sharing of state 

5 information, the computer readable program code 

6 means in said article of manufacture comprising: 

7 computer readable program code means 

8 for causing a computer to determine state 

9 information to be shared between a first 

10 domain and a second domain; and 

11 computer readable program code means 

12 for causing a computer to share said state 

13 information between said first domain and 

14 said second domain, wherein said first 

15 domain and said second domain are non- 

1 6 cooperat ing . 

1 43. The article of manufacture of claim 42, 

2 wherein said state information is stored within one 

3 or more cookies . 
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1 44. The article of manufacture of claim 42, 

2 wherein said computer readable program code means for 

3 causing a computer to share comprises: 

4 computer readable program code means for 

5 causing a computer to add state information of 

6 said first domain to a request to be sent to 

7 said second domain; and 

8 computer readable program code means for 

9 causing a computer to send said request, 

10 including said state information, to said second 

11 domain. 

1 45. The article of manufacture of claim 42, 

2 wherein said computer readable program code means for 

3 causing a computer to share comprises: 

4 computer readable program code means for 

5 causing a computer to add state information of 

6 said first domain to a response associated with 

7 said second domain; and 

8 computer readable program code means for 

9 causing a computer to send said response, 

10 including said state information, to a client. 
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1 46. The article of manufacture of claim 45, 

2 further comprising computer readable program code 

3 means for causing a computer to save said state 

4 information at said client, wherein said state 

5 information is saved for a specified range of Uniform 

6 Resource Locators associated with said second domain. 
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47. An article of manufacture, comprising: 



2 at least one computer useable medium having 

3 computer readable program code means embodied 

4 therein for causing the providing of state 

5 information, the computer readable program code 

6 means in said article of manufacture comprising: 

7 computer readable program code means 

8 for causing a computer to determine state 

9 information to be provided to at least one 

10 of a client and a server; and 

11 computer readable program code means 

12 for causing a computer to use an 

13 intermediary application to provide said 

14 state information to at least one of said 

15 client and said server. 

1 48. The article of manufacture of claim 47, 

2 wherein said state information is provided to said 

3 client, and wherein said article of manufacture 

4 further comprises computer readable program code 

5 means for causing a computer to save said state 

6 information at said client for any specified range of 

7 Uniform Resource Locators. 

1 49. The article of manufacture of claim 48, 

2 further comprising computer readable program code 

3 means for causing a computer to save said state 

4 information for one or more other range of Uniform 

5 Resource Locators. 
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1 50. At least one program storage device 

2 readable by a machine, tangibly embodying at least 

3 one program of instructions executable by the machine 

4 to perform a method of electronic shopping, said 

5 method comprising: 

6 selecting a plurality of items to be 

7 purchased electronically from a plurality of 

8 vendors, said plurality of vendors being 

9 represented by a plurality of web sites; and 

10 purchasing said plurality of items on-line 

11 via a single check out. 

***** 
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METHOD, SYSTEM AND PROGRAM PRODUCTS FOR 
SHARING STATE INFORMATION ACROSS DOMAINS 



ABSTRACT OF THE DISCLOSURE 

State information is shared across domains. The 
state information is placed in one or more cookies 
that are shared across disjoint domains. An 
intermediary application is used, as one example, to 
5 enable the sharing of the state information (e.g., 
the cookies) across the different domains. The 
intermediary application is used to add state 
information to requests received from a client and to 
responses going to the client. Further, an 

10 intermediary application is used to cause a client to 
save state information for any range of Uniform 
Resource Locators (URLs) , and to cause the client to 
send any previously stored state information to the 
intermediary application. Additionally, the 

15 intermediary application is used to cause state 

information previously saved by the client for one 
range of URLs to be subsequently saved by the client 
for one or more other range of URLs . 
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AT THIS POINT, THE PROXY 
SERVER HAS A STATE OF 
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"httpy' /www.us.gov/pgm4.exe M . 
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At this point, the 
proxy server is 
looking to retrieve the 
the value of "state" 
from the 8rcwser. 
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associated with a URL of 
"http://stored.cookia.comT. 
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HTTP/1 .0 302 Moved Temporarily. 

Location: http://stored.cookie.com/?get_cookie=true&rea!_url=www.us.gov/pgm2.exe 
Set-Cookie: action=checking 1 3 ^ 

GETWttp://stored.cookie.com/?get_cookie=true&rea!_url=www.us.gov/pgm2.exe 
HTTPZ1.0 

Cookie: state=state1 t2>t 

HTTP/1 .0 302 Moved Temporarily 

Location: http://www.us.gov/pgm2.exe^se t_cookie_state=state1 
GET|vttp://www.us.gov/pgm2.exe?set^cookie_state=state1 

Cookie: action=checking foV(0 
— 



HTTP/1.0 200 OK 

Set-Cookie: action=done; expires=Thursday, 01-Jan-1970 01:00:00 GMT 

FIG-. £>b 
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inventor (if plural names are listed below) of the subject matter which 
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METHOD, SYSTEM AND PROGRAM PRODUCTS FOR 
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